General
-
Target
db6722df4057c66c0ecad864f0d34b96e4eeb82f2b4bbc383a808ad4cdebfda8
-
Size
604KB
-
Sample
220520-qmskdsdfc9
-
MD5
92768148c44e8e4f8962c2d531b9f696
-
SHA1
ac6a4064aca18e83070b626c143e0592473c6d5c
-
SHA256
db6722df4057c66c0ecad864f0d34b96e4eeb82f2b4bbc383a808ad4cdebfda8
-
SHA512
6eddccd57c1ab238c5fd2dd7dea3c26620f0f13a5691612c90da322c9d76e9ddaade1466943ef5d92d1e87f6df11fb8a7d1398b135570972f309cf1707a997e6
Static task
static1
Behavioral task
behavioral1
Sample
cnf3669009.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cnf3669009.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
cnf3669009.exe
-
Size
625KB
-
MD5
f13aa37174903d14951c141da29ec4bc
-
SHA1
f54aa0b0a452ffba34bb154a467dbef3bf347fd9
-
SHA256
b5f9a952c4009061a21147103fc6d762c60e070fc588cab92846fc1c29679715
-
SHA512
bc682d8c2fbd050a9100f5716a783580067eb553b5f7ddffe8bf39efc4e389145c104dc46c3765ac4bd3d464c891f53b1ae50dca3c2727065ffadfa932573736
Score
10/10
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-